Integrating SSO in a project using Shibboleth authentication

Shibboleth is an open-source identity federation solution that’s used in research and education communities worldwide.

Graphic by ncsu.edu

Basically is a federating agent that consists of 2 components:

1- Service Provider (SP)
which request attributes, represented in this implementation als storage.luckycloud.de using Apache2-mod-shib
2- Identity Provider(IDP)
which broadcasts attributes, and will be implemented in the Login-logic of the site

Now the SP is actually out-of-the-box with apache2 module mod-shib. But my interest here is to do the Identity Provider part als Symfony module.

UPDATE: The Shibboleth take on this was deprecated and we installed with Luc an SSO-version since Seafile now support OAUTH2 authentication. The changes are already implemented and tested on live:

Because of security I cannot give any details of this implementation I would like to comment that is working without issues since day zero and it’s saving a lot of time preventing double login and I hope enhancing user experience.